Chapter 1 


Security Policy Enforcement 
Framework (SPEF) Foundation API 


1.1 References 


[1] Software Architecture Document, Version 1.1 Revision 1.4, LiMo Foundation, 11 September 2007 


1.2 Overview 


The purpose of the Security Policy Enforcement Framework (SPEF) is to provide a means by which applications 
can be run on the handset in such a way that they can only perform operations and access resources 
that they have been authorized to use. This is important for applications written or controlled by the handset 
manufacturer or by a 2nd party in close collaboration with the manufacturer, but it is essential for hosting 
3rd-party applications, especially native code applications, i.e. code that is compiled and runs directly on 
the platform rather than in an interpreted execution environment. 


SPEF provides for the specification and enforcement of access control rules for all applications and executables 
in the system. Every process runs in a protection domain. These (protection) domains group code by the 
level of authorization it has to access resources and perform operations, and they can be defined according 
to the level of trust associated with the software. That level of trust would typically be influenced by the 
amount of manufacturer-defined testing the software undergoes, or by the relationship between the manufacturer 
and the 3rd party. Domains can be defined so that the authorization for software to perform operations and 
access resources matches its level of trust. SPEF allows any number of domains. 


The domains, permissions and policies are described in a set of configuration files, called the Domain and 
Policy Stores. There are two versions of these, one for protecting kernel resources, and one for protecting 
user space resources. The two Policy Stores are different, but both Domain Stores are identical. We use 
two copies because it makes accessing this information easier. 


Kernel resources are secured by SPEF policy checks performed by the SPEF LSM code inside the kernel; there 
is no exposed API for that. User space resources need to be protected by resource manager applications. 
Figure 1.1 shows three examples of resource managers, but there can be many more. Access to the resources 
managed by these resource managers should go through a form of IPC (Inter-Process Communication) between 
client applications and resource managers. The SPEF API allows user space resource managers to perform 
security checks on operations requested by their clients. 
Figure 1.1: SPEF Architecture Diagram 


1.2.1 Key Concepts 


Several key concepts are described in the following sections. See Examples for code samples. 


1.2.1.1 DomainStore 


Domains allow grouping of UEs (units of execution: executables and logical applications) by the level of 
authorization they are given when accessing resources and performing operations. The Domain Store 
defines all the domains used for a particular PolicyStore. This should be common for both kernel and user 
space. The PolicyStore and DomainStore files are created in XML format and converted to binary format 
by the spef_compile utility for runtime performance. 


1.2.1.2 MetaStore 


The MetaStore contains descriptions of all permission types that can be used on the device. 


1.2.1.3 PolicyStore 


The PolicyStore specifies the actual policy rules to be checked during runtime. It uses the DomainStore 
definitions of domains, and the MetaStore definitions of permissions. 


1.2.1.4 Asynchronous Functions Under Development 


The API describes both the synchronous and asynchronous checker functions. Only the synchronous functions 
are currently implemented. The asynchronous functions are under development and will allow for 
input from the end-user to grant or deny a selected set of permissions. 


1.3 Industry Standard 


None 


1.4 External API Documents 


None 


1.5 Plug-in Extension Point Interface 


None 


1.6 Other Interfaces 


None 
1.7 Other Notes 


The API describes both the synchronous and asynchronous checker functions. Only the synchronous functions 
are currently implemented. The asynchronous functions are under development and will allow for 
input from the end-user to grant or deny a selected set of permissions. 
Data Structure Index 


2.1 Data Structures 


Here are the data structures with brief descriptions: 


spef_resource_t (Resource values) 


File Index 


3.1 File List 


Here is a list of all documented files with brief descriptions: 


ComponentOverview.h (Component Programming Interface Overview Header Template for Doxygen) 
spef.h (This file defines public API for Security Policy Enforcement Facility (SPEF)) 


Data Structure Documentation 


4.1 spef_resource_t Struct Reference 


#include <spef.h> 


4.1.1 Detailed Description 
Resource values. This structure is used to provide input resource vector. 


Examples: 


sync.c. 


Data Fields 


• unsigned int type 
• unsigned int n 
• const char * s 
• const char ** a 
4.1.2 Field Documentation 
4.1.2.1 unsigned int spef_resource_t::type 


type of current entry; one of SPEF_RESTYPE_* values 


Examples: 


sync.c. 


4.1.2.2 unsigned int spef_resource_t::n 


integer value; used for INT, BITARRAY and INTRANGE 
Examples: 


sync.c. 


4.1.2.3 const char* spef_resource_t::s 
zero-terminated string value; used for STRING and PATH 


Examples: 


sync.c. 


4.1.2.4 const char** spef_resource_t::a 


zero-terminated array of zero-terminated strings; used for STRARRAY 


The documentation for this struct was generated from the following file: 


• spef.h 
File Documentation 


5.1 ComponentOverview.h File Reference 


5.1.1 Detailed Description 


Component Programming Interface Overview Header Template for Doxygen. 


This file contains configuration information for documentation generation; it does not contain any API- 
specific information. 
5.2 spef.h File Reference 


5.2.1 Detailed Description 


This file defines public API for Security Policy Enforcement Facility (SPEF). 


Data Structures 


struct spef_resource_t 


Defines 


#define SPEF_RESULT_OK 0 

#define SPEF_RESULT_NOT_ALLOWED 1 

#define SPEF_RESULT_IN_PROGRESS 2 

#define SPEF_RESULT_CANT_GET_DOMAINS 3 
#define SPEF_RESULT_INVALID_PARAM 4 

#define SPEF_RESULT_STORE_FILE_NOT_FOUND 5 
#define SPEF_RESULT_STORE_FILE_CORRUPTED 6 
#define SPEF_RESULT_DOMAIN_NOT_FOUND 7 
#define SPEF_RESULT_ARRAY_SIZE_TOO_SMALL 8 
#define SPEF_RESULT_CANT_SET_DOMAIN 9 
#define SPEF_RESULT_CANT_CREATE_CONNECTION 10 
#define SPEF_RESULT_DOMAIN_NOT_MATCH 11 
#define SPEF_RESULT_CANT_LAUNCH_API 12 
#define SPEF_RESULT_STORE_MISMATCH 13 
#define SPEF_RESTYPE_INT 1 

#define SPEF_RESTYPE_BITARRAY 2 

#define SPEF_RESTYPE_STRING 3 

#define SPEF_RESTYPE_STRARRAY 4 

#define SPEF_RESTYPE_PATH 5 

#define SPEF_RESTYPE_IPCKEY 6 

#define SPEF_RESTYPE_INTRANGE 7 


Typedefs 


typedef void * spef_store_handle_t 


Functions 


int SPEF_InitStore (const char *szStore, spef_store_handle_t *hStoreHandle) 
Open SPEF store. 


int SPEF_CloseStore (spef_store_handle_t hStoreHandle) 
Close SPEF store. 


int SPEF_CheckEx (spef_store_handle_t hStoreHandle, int nPermissionID, const int *anPIDs, int 
nPIDCount, const int *anDomainIDs, int nDomainIDCount, const spef_resource_t *res, unsigned 
int res_num) 
Check for permission to use resource, based on array of PIDs and array of DomainIDs. If checking requires 
user interaction, function will return SPEF_RESULT_NOT_ALLOWED. 


static int SPEF_Check (spef_store_handle_t hStoreHandle, int nPermissionID, int pid, const 
spef_resource_t *res, unsigned int res_num) 


Check for permission to use resource, based on PID. If checking requires user interaction, function will 
return SPEF_RESULT_NOT_ALLOWED. 


int SPEF_Exec (const int *anDomainIDs, int nDomainIDCount, const char *path, char *const 
argv[]) 


Launch API: a combination of setting the proper domain list on the process and execv(). 


int SPEF_Domain2ID (const char *szDomain, int *pnDomainID) 


Converts domain name to numeric domain ID. 


int SPEF_ID2Domain (int nDomainID, const char **pszDomain) 


Converts numeric domain ID to domain string name. 


int SPEF_Path2DomainID (const char *szPath, int *pnDomainID) 


Converts path to numeric domain ID. The Domain Store can associate folders with one (and only one) 
domain. Executables in such a folder will be launched into that domain. This function checks if the path is 
associated with a domain. 


int SPEF_PID2DomainID (int pid, int *aDomains, unsigned int *nArraySize) 


Return numeric domain IDs of a process. 


5.2.2 Define Documentation 
5.2.2.1 #define SPEF_RESTYPE_BITARRAY 2 
Bit Array (up to 32 bits) 


Examples: 


sync.c. 


5.2.2.2 #define SPEF_RESTYPE_INT 1 


Resource types. Integer (32 bit) 


5.2.2.3 #define SPEF_RESTYPE_INTRANGE 7 


Range of integers, represented by min and max 


5.2.2.4 #define SPEF_RESTYPE_IPCKEY 6 


The key itself or pathname and project id for use by ftok() 
5.2.2.5 #define SPEF_RESTYPE_PATH 5 


Pathname using forward slashes 


Examples: 


sync.c. 


5.2.2.6 #define SPEF_RESTYPE_STRARRAY 4 


Array of zero-terminated strings 


5.2.2.7 #define SPEF_RESTYPE_STRING 3 


Zero-terminated string 


5.2.2.8 #define SPEF_RESULT_ARRAY_SIZE_TOO_SMALL 8 


Size of array of domain ID not enough 


5.2.2.9 #define SPEF_RESULT_CANT_CREATE_CONNECTION 10 


Unable to get connection for user interaction 


5.2.2.10 #define SPEF_RESULT_CANT_GET_DOMAINS 3 


Unable to retrieve domain list 


5.2.2.11 #define SPEF_RESULT_CANT_LAUNCH_API 12 


Unable to launch new API 


5.2.2.12 #define SPEF_RESULT_CANT_SET_DOMAIN 9 


Unable to set domain 


5.2.2.13 #define SPEF_RESULT_DOMAIN_NOT_FOUND 7 


Domain can not be found 


5.2.2.14 #define SPEF_RESULT_DOMAIN_NOT_MATCH 11 


Abstract domain and certificate DN do not match 


5.2.2.15 #define SPEF_RESULT_IN_PROGRESS 2 


Operation requires user’s approval and would block 
5.2.2.16 #define SPEF_RESULT_INVALID_PARAM 4 


Invalid parameter detected 


5.2.2.17 #define SPEF_RESULT_NOT_ALLOWED 1 


Operation is not allowed 


5.2.2.18 #define SPEF_RESULT_OK 0 


Error codes returned by SPEF API functions. Success 


5.2.2.19 #define SPEF_RESULT_STORE_FILE_CORRUPTED 6 


Store file is not recognizable as such 


5.2.2.20 #define SPEF_RESULT_STORE_FILE_NOT_FOUND 5 


Store file can not be found 


5.2.2.21 #define SPEF_RESULT_STORE_MISMATCH 13 


Domain and policy store not compiled together 


5.2.3 Typedef Documentation 
5.2.3.1 typedef void* spef_store_handle_t 
Handle for spef store 


Examples: 


sync.c. 


5.2.4 Function Documentation 


5.2.4.1 static int SPEF_Check (spef_store_handle_t hStoreHandle, int nPermissionID, int pid, 
const spef_resource_t * res, unsigned int res_num) [inline, static] 


Check for permission to use resource, based on PID. If checking requires user interaction, function will 
return SPEF_RESULT_NOT_ALLOWED. 


Parameters: 


hStoreHandle store handle acquired by SPEF_InitStore 
nPermissionID permission ID generated by spef tool from meta-policy 
pid client’s PID 


res input resources, a table of resource values to be checked against the policy 
res_num number of entries in res[] 


Returns: 


SPEF_RESULT_OK if allowed, SPEF_RESULT_NOT_ALLOWED if not allowed, or error. 


Examples: 


sync.c. 


5.2.4.2 int SPEF_CheckEx (spef_store_handle_t hStoreHandle, int nPermissionID, const 
int * anPIDs, int nPIDCount, const int * anDomainIDs, int nDomainIDCount, const 
spef_resource_t * res, unsigned int res_num) 


Check for permission to use resource, based on array of PIDs and array of DomainIDs. If checking requires 
user interaction, function will return SPEF_RESULT_NOT_ALLOWED. 


Parameters: 
hStoreHandle store handle acquired by SPEF_InitStore 
nPermissionID permission ID generated by spef tool from meta-policy 
anPIDs an array of client’s PIDs 
nPIDCount the number of client’s PIDs 
anDomainIDs an array of numeric domain IDs 
nDomainIDCount number of entries in anDomainIDs[] 
res input resource, a table of resource values to be checked against the policy 


res_num number of entries in res[] 


Returns: 


SPEF_RESULT_OK if allowed, SPEF_RESULT_NOT_ALLOWED if not allowed, or error. 


5.2.4.3 int SPEF_CloseStore (spef_store_handle_t hStoreHandle) 
Close SPEF store. 


Parameters: 


hStoreHandle SPEF store handle 


Returns: 


SPEF_RESULT_OK or error. 


Examples: 


sync.c. 
5.2.4.4 int SPEF_Domain2ID (const char * szDomain, int * pnDomainID) 


Converts domain name to numeric domain ID. 


Parameters: 
szDomain domain name, a zero terminated string 
pnDomainID [out] domain numeric ID 
Returns: 


SPEF_RESULT_OK if operation is successful or appropriate error code 


5.2.4.5 int SPEF_Exec (const int * anDomainIDs, int nDomainIDCount, const char * path, char 
* const argv[]) 


Launch API: a combination of setting the proper domain list on the process and execv(). 


Parameters: 


anDomainIDs an array of numeric domain IDs 
nDomainIDCount number of entries in anDomainIDs[] 
path executable 


argv arguments to the new application; zero-terminated array. 


Returns: 


SPEF_RESULT_CANT_LAUNCH_API if execv() fails, SPEF_RESULT_CANT_SET_DOMAIN if the 
new domain list cannot be set, or SPEF_RESULT_INVALID_PARAM if some parameters are incorrect. 


5.2.4.6 int SPEF_ID2Domain (int nDomainID, const char ** pszDomain) 
Converts numeric domain ID to domain string name. 


Parameters: 


nDomainID domain ID 


pszDomain [out] domain string name. Note that caller should not change string content or free the 
returned pointer. 


Returns: 


SPEF_RESULT_OK if operation is successful or appropriate error code 


5.2.4.7 int SPEF_InitStore (const char * szStore, spef_store_handle_t * hStoreHandle) 
Open SPEF store. 


Sync (or) Async: 


This function is not thread-safe. 
Parameters: 


szStore SPEF store name, a zero terminated string 


hStoreHandle [out] handle 


Returns: 


SPEF_RESULT_OK or error. 


Examples: 


sync.c. 


5.2.4.8 int SPEF_Path2DomainID (const char * szPath, int * pnDomainID) 


Converts path to numeric domain ID. The Domain Store can associate folders with one (and only one) 
domain. Executables in such a folder will be launched into that domain. This function checks if the path is 
associated with a domain. 
Parameters: 

szPath file location, a zero terminated string 


pnDomainID [out] domain numeric ID 


Returns: 


SPEF_RESULT_OK if operation is successful or appropriate error code 


5.2.4.9 int SPEF_PID2DomainID (int pid, int * aDomains, unsigned int * nArraySize) 
Return numeric domain IDs of a process. 


Parameters: 
pid process id 
aDomains [out] an array of numeric domain IDs 


nArraySize [in/out] size of array aDomains that the user allocates. The required array size is returned. 


Returns: 


SPEF_RESULT_ARRAY_SIZE_TOO_SMALL if the supplied array is too small, 
SPEF_RESULT_CANT_GET_DOMAINS if the list cannot be retrieved, or SPEF_RESULT_OK 
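The query-then-allocate pattern that the [in/out] nArraySize contract above calls for, as an added example that is not part of the SPEF library or documentation. pid2domainid_stub stands in for SPEF_PID2DomainID, following the documented contract against a constructed PID table so the block runs on its own; the PIDs and domain IDs in it are placeholders, not values from a real Domain Store.

```c
#include <stdlib.h>
#include <string.h>

/* Result codes as defined in spef.h */
#define SPEF_RESULT_OK                   0
#define SPEF_RESULT_CANT_GET_DOMAINS     3
#define SPEF_RESULT_ARRAY_SIZE_TOO_SMALL 8

/* Constructed sample: PID 1234 runs in three domains, PID 42 in one; the
 * domain IDs are placeholders, not IDs from a real Domain Store */
static int sample_domains(int pid, const int **ids, unsigned int *count)
{
    static const int d1234[] = { 0, 1, 2 }, d42[] = { 2 };
    if (pid == 1234) { *ids = d1234; *count = 3; return 1; }
    if (pid == 42)   { *ids = d42;   *count = 1; return 1; }
    return 0;
}

/* Stand-in for SPEF_PID2DomainID with the documented contract: *nArraySize
 * is the caller's capacity on entry and the required size on return */
int pid2domainid_stub(int pid, int *aDomains, unsigned int *nArraySize)
{
    const int *ids; unsigned int count;
    if (!sample_domains(pid, &ids, &count))
        return SPEF_RESULT_CANT_GET_DOMAINS;
    if (*nArraySize < count) {
        *nArraySize = count;                 /* tell the caller what it needs */
        return SPEF_RESULT_ARRAY_SIZE_TOO_SMALL;
    }
    memcpy(aDomains, ids, count * sizeof *aDomains);
    *nArraySize = count;
    return SPEF_RESULT_OK;
}

/* Fetch a process's complete domain list: try a small buffer first, grow
 * once to the size the API reports, and hand back a malloc'd array that a
 * resource manager can pass to SPEF_CheckEx as anDomainIDs/nDomainIDCount.
 * On any failure the caller gets no list rather than a truncated one. */
int get_domains(int pid, int **out_ids, unsigned int *out_count)
{
    unsigned int size = 2;                   /* usual case: one or two domains */
    int *ids = malloc(size * sizeof *ids), *bigger;
    int rc;
    *out_ids = NULL; *out_count = 0;
    if (!ids) return SPEF_RESULT_CANT_GET_DOMAINS;
    rc = pid2domainid_stub(pid, ids, &size);
    if (rc == SPEF_RESULT_ARRAY_SIZE_TOO_SMALL) {   /* size now holds the need */
        bigger = realloc(ids, size * sizeof *ids);
        if (!bigger) { free(ids); return SPEF_RESULT_CANT_GET_DOMAINS; }
        ids = bigger;
        rc = pid2domainid_stub(pid, ids, &size);
    }
    if (rc != SPEF_RESULT_OK) { free(ids); return rc; }
    *out_ids = ids; *out_count = size;
    return SPEF_RESULT_OK;
}

/* Small accessors so the behaviour can be checked without juggling buffers:
 * number of domains (-1 on failure) and the domain ID at a given index */
int domain_count(int pid)
{
    int *ids; unsigned int n;
    if (get_domains(pid, &ids, &n) != SPEF_RESULT_OK) return -1;
    free(ids);
    return (int)n;
}

int domain_at(int pid, unsigned int idx)
{
    int *ids, id; unsigned int n;
    if (get_domains(pid, &ids, &n) != SPEF_RESULT_OK) return -1;
    id = idx < n ? ids[idx] : -1;
    free(ids);
    return id;
}
```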
Example Documentation 


6.1 spef_ds.xml 


This is example XML code for using the DomainStore. 


<!-- 
HIGHLY CONFIDENTIAL MATERIALS OF LIMO FOUNDATION AND ITS LICENSORS 


Copyright (c) 2006-2007 Motorola, Inc. 


Licensed under Foundation Public License (FPL), Version 1.0 or 
later (FPL (Non-Common Capable)). 

FPL V1.0 is attached as Annex B to the Intellectual Property Rights 
Policy, which is Annex A to the Bylaws of LiMo Foundation dated 
April 2, 2007. 


This source code software file contains highly confidential and 
proprietary information and is provided only to authorized members 
of the LiMo Foundation and other authorized entities for their use 
as provided by the LiMo Foundation bylaws, annexes, related 
documents and other governing documents. Possession or use by any 
other entity is strictly prohibited. Copies of the governing 
documents may be downloaded at www.limofoundation.org, or obtained 
directly from the LiMo Foundation by sending an e-mail to 
admin@limofoundation.org or by contacting: 


LiMo Foundation 

IEEE-ISTO 

445 Hoes Lane 

Piscataway, NJ 08854-4141 


This software file and its contents are provided on an "as is" 
basis without any express or implied warranty, including without 
limitation, any warranty that it is accurate, defect-free, free 
from infringement, contains particular functions or is suitable 
for a particular purpose. All express and implied statutory 
warranties are disclaimed, including without limitation, the 
warranty of merchantability, fitness for a particular purpose, 
title or non-infringement. 


NON-COMMON CAPABLE HEADER FILE 10-09-2007 


--> 


<DOMAINSTORE version="1"> 
<DOMAIN name="CORE"> 
<SOURCE path="/usr/bin"/> 
<SOURCE path="/sbin"/> 
</DOMAIN> 
<DOMAIN name="MOT"> 
<SOURCE path="/local/bin"/> 
<SOURCE path="/moto/bin"/> 
</DOMAIN> 
<DOMAIN name="USER"> 
<SOURCE path="/local/usr/bin"/> 
</DOMAIN> 
</DOMAINSTORE> 
6.2 spef_ms.xml 


This is example XML code for using the MetaStore. 




<METASTORE version="1"> 
  <PERMISSION name="FILE" kernel="Y"> 
    <RESOURCE name="PATH"> 
      <DESCRIPTION>path of file</DESCRIPTION> 
      <STRVECTOR format="path"/> 
    </RESOURCE> 
    <RESOURCE name="PERM"> 
      <DESCRIPTION> 
        File permissions. See MAY_EXEC etc in fs.h. 
      </DESCRIPTION> 
      <BITARRAY length="4"> 
        <ENCODING key="EXEC" value="0x00000001" /> 
        <ENCODING key="WRITE" value="0x00000002" /> 
        <ENCODING key="READ" value="0x00000004" /> 
      </BITARRAY> 
    </RESOURCE> 
  </PERMISSION> 
</METASTORE> 


6.3 spef_ps.xml 


This is example XML code for using the PolicyStore. 




<POLICYSTORE version="1"> 
  <DOMAIN name="CORE"> 
    <PERMISSION name="FILE"> 
      <RULE> 
        <RESOURCE value="/home/core"/> 
        <RESOURCE value="EXEC"/> 
      </RULE> 
      <RULE> 
        <RESOURCE value="/usr/var"/> 
        <RESOURCE value="READ | WRITE"/> 
      </RULE> 
    </PERMISSION> 
  </DOMAIN> 
</POLICYSTORE> 
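How a resource manager's check against the CORE rules above and the FILE bit encodings of spef_ms.xml plays out, as an added example modelled in C; it is not part of the LiMo documentation or the SPEF library. The spef_resource_t layout with a val_u union is inferred from sync.c, and the prefix matching of PATH rules and the rule that any one of a process's domains may grant the request are assumptions; the result and resource-type codes are the ones from spef.h.

```c
#include <stdio.h>
#include <string.h>

/* Result and resource-type codes as defined in spef.h */
#define SPEF_RESULT_OK            0
#define SPEF_RESULT_NOT_ALLOWED   1
#define SPEF_RESULT_INVALID_PARAM 4
#define SPEF_RESTYPE_BITARRAY     2
#define SPEF_RESTYPE_PATH         5

/* Assumed layout, inferred from sync.c's use of res[i].val_u.s and val_u.n */
typedef struct {
    unsigned int type;
    union { unsigned int n; const char *s; const char **a; } val_u;
} spef_resource_t;

/* PERM bit encodings of the FILE permission, as declared in spef_ms.xml */
#define FILE__EXEC  0x00000001u
#define FILE__WRITE 0x00000002u
#define FILE__READ  0x00000004u

/* One RULE of the PolicyStore after compilation: domain, PATH value, PERM bits */
struct rule { const char *domain; const char *path; unsigned int perm; };

/* spef_ps.xml: CORE may EXEC under /home/core and READ|WRITE under /usr/var */
static const struct rule POLICY[] = {
    { "CORE", "/home/core", FILE__EXEC },
    { "CORE", "/usr/var",   FILE__READ | FILE__WRITE },
};

/* Assumption: a PATH rule covers the named folder and everything below it,
 * but not a sibling whose name merely starts the same way (/home/corex) */
static int path_covered(const char *rule_path, const char *req)
{
    size_t n = strlen(rule_path);
    return strncmp(rule_path, req, n) == 0 && (req[n] == '\0' || req[n] == '/');
}

/* Model of SPEF_CheckEx for the FILE permission. res[0] is the PATH and
 * res[1] the requested PERM bits. The request is allowed only if one of the
 * caller's domains has a rule covering the path whose bits are a superset
 * of the requested bits; a malformed vector is rejected, never allowed. */
int check_file(const char **domains, int ndom,
               const spef_resource_t *res, unsigned int res_num)
{
    int d; size_t r;
    if (!domains || ndom <= 0 || !res || res_num != 2 ||
        res[0].type != SPEF_RESTYPE_PATH || res[1].type != SPEF_RESTYPE_BITARRAY ||
        !res[0].val_u.s || res[0].val_u.s[0] != '/')
        return SPEF_RESULT_INVALID_PARAM;
    for (d = 0; d < ndom; d++)
        for (r = 0; r < sizeof POLICY / sizeof POLICY[0]; r++)
            if (strcmp(POLICY[r].domain, domains[d]) == 0 &&
                path_covered(POLICY[r].path, res[0].val_u.s) &&
                (res[1].val_u.n & ~POLICY[r].perm) == 0)
                return SPEF_RESULT_OK;
    return SPEF_RESULT_NOT_ALLOWED;          /* default deny */
}

/* Builds the same two-entry resource vector sync.c builds, for a single domain */
int check_one(const char *domain, const char *path, unsigned int perm)
{
    spef_resource_t res[2];
    res[0].type = SPEF_RESTYPE_PATH;     res[0].val_u.s = path;
    res[1].type = SPEF_RESTYPE_BITARRAY; res[1].val_u.n = perm;
    return check_file(&domain, 1, res, 2);
}

int main(void)
{
    printf("CORE READ|WRITE /home/core -> %d\n",
           check_one("CORE", "/home/core", FILE__READ | FILE__WRITE));
    printf("CORE EXEC /home/core/app   -> %d\n",
           check_one("CORE", "/home/core/app", FILE__EXEC));
    printf("USER READ /usr/var/log     -> %d\n",
           check_one("USER", "/usr/var/log", FILE__READ));
    return 0;
}
```

Note that the request sync.c below makes, READ|WRITE on /home/core from a CORE process, is denied by this policy, since the only CORE rule for /home/core grants EXEC.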
6.4 sync.c 


This is example "C" code for using the SPEF API to check permissions. 


Figure 6.1: SPEF Synchronous Call Sequence (Application -> SPEF lib: 1: SPEF_InitStore(), 2: SPEF_Check(), 3: SPEF_CloseStore()) 


#include <stdio.h> 
#include "spef.h" 
#include "spef_ms.h"   // generated from the meta store by the spef_compile utility 

int main(int argc, char** argv) 
{ 
    spef_store_handle_t hStoreHandle; 
    const char* szFileName = "/home/core"; 
    int nPID;          // process ID 
    int error; 
    int result; 
    spef_resource_t res[2]; 

    error = SPEF_InitStore("spef_sample.dat", &hStoreHandle); 
    if (error) { 
        printf("Cannot open policy store.\n"); 
        return error; 
    } 

    // nPID is the process that wants to access the resource. 
    nPID = 1234; 

    // File name to be accessed. 
    res[0].type = SPEF_RESTYPE_PATH; 
    res[0].val_u.s = szFileName; 

    // Check Read and Write permission on the file. 
    res[1].type = SPEF_RESTYPE_BITARRAY; 
    res[1].val_u.n = SPEF_FILE__READ | SPEF_FILE__WRITE; 

    // SPEF_FILE__READ, SPEF_FILE__WRITE and SPEF_PERM_FILE are defined in spef_ms.h; 
    // spef_ms.h is generated from the meta store by the spef_compile utility. 
    result = SPEF_Check(hStoreHandle, SPEF_PERM_FILE, nPID, res, 2); 

    if (SPEF_RESULT_OK == result) 
        printf("PID %d is allowed to access %s.\n", nPID, szFileName); 
    else 
        printf("Access denied.\n"); 

    SPEF_CloseStore(hStoreHandle); 
    return 0; 
} 